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Game development is an intricate, time-consuming process, and the work doesn't stop after a title is 
released. To keep players engaged, game companies must continually push out new, cutting-edge features 
and ensure nothing less than world-class performance and 100% uptime, all while ensuring that cyber 
attacks don't compromise game integrity or the user experience. 


Traditionally, game platforms have prioritized user experience over cybersecurity, fearing that robust 
security and authentication measures, such as SSL/TLS, would increase latency and cause user attrition. 
However, as gaming grew into the world's most popular and lucrative form of entertainment,? hackers 
began heavily targeting the industry, negatively impacting game performance and integrity. 


Defending against DDoS attacks 


pan | a | rn Y ~~ DDoS attacks have long plagued online games. Over the 
ww T a I Fi Christmas holidays in 2013, hacker Austin Thompson 
á E = ar r = ae launched a series of DDoS attacks against popular gaming 
| ge s q s sites, including Steam, PlayStation Network, Microsoft Xbox, 
4 4 Riot Games, and League of Legends.? Thompson's antics 


inspired throngs of copycats; end-of-year DDoS attacks on 
online gaming platforms became so common that days 
before Christmas 2018, the FBI, in partnership with UK and 
Netherlands law enforcement agencies, preemptively seized 
15 domains belonging to DDoS-for-hire services.’ 


Unfortunately, this virtual raid didn't quell the growth of denial of service attacks. Kaspersky found an 
18% year-over-year increase in DDoS attacks during Q2 2019, and a 32% increase in application- 
layer attacks,* a highly sophisticated form of DDoS attack that utilizes malicious bots to attack specific 
applications. 


Blocking DDoS attacks requires an automated, layered security approach such as the one employed by 
Cloudflare's DDoS protection service, which prevents disruptions caused by malicious traffic while allowing 
legitimate traffic through, ensuring that end-users' experience is not impacted. 


Attackers can also directly send volumetric DDoS traffic to the custom TCP and UDP communication 
protocols that many game platforms rely on; they can also use these ports to intercept unencrypted 
data in transit. Game developers need additional resources to defend these ports and protocols without 
compromising performance. For example, Cloudflare Spectrum extends the power of Cloudflare's DDoS, 
TLS, and IP Firewall to TCP and UDP-based services, protecting custom gaming protocols from layers 

3 and 4 DDoS attacks and enabling TLS/SSL protection to encrypt customer data. 


Attackers utilize malicious bots to launch DDoS attacks, hijack player accounts, steal virtual assets, damage 
the integrity of FPS, eSports, and world simulation games, and severely undermine the user experience. 


Credential stuffing 


Game platforms, which attract a young demographic that is prone to reusing passwords,’ are ideal targets 
for credential stuffing attacks. Hackers buy extensive lists of compromised credentials harvested from 
major data breaches, then deploy bots that attempt to use them on multiple websites. Popular video game 
distribution platform Steam estimates that every month, approximately 77,000 of its gamer accounts are 
hacked.® 


Armed with stolen credentials, hackers can clean out accounts of in-game coins, skins, and other digital 
assets, or lock the real owner out and resell the account. 


Stolen credentials from Fortnite, Minecraft, and RuneScape 
can net up to USD $40 per set.” 


amass virtual items for the purpose of resale. These bots consume game resources 
and degrade performance, alienate legitimate players, promote user attrition, and cost 
game publishers up to 40% of their in-game monthly revenues.* 


Gold farming & powerleveling 
Taking over legitimate accounts isn't the only way attackers can steal virtual assets. In 
“sold farming” and “powerleveling,” attackers program bots to play continuously and 


Automated bot management solutions use machine learning and behavioral analysis 

techniques to detect and block malicious bots while letting through legitimate bots, 
such as those used by search engines. Select a solution that is comprehensive but that does not require 
complex configuration or maintenance, such as Cloudflare Bot Management, so that you can focus on 
building games instead of managing bots. 


: Latency, latency, latency 


Just as success in real estate is about location, location, location, 
winning in the gaming industry is about latency, latency, latency. 


No other app may be as sensitive to latency as a game. Visitors 


= to anews site may be willing to wait a few seconds for an 


article or a video to load. A delay that long within a game is 
completely unacceptable. In an FPS game, the window in which 


players can successfully execute an action is measured in thousandths of a second. Even in turn-based 
and world-simulation games, players expect a real-world, real-time feel. Game elements must respond 
instantaneously when clicked, and videos in eSports games must load immediately and play seamlessly. 


Because so many factors impact how quickly web assets load, ensuring low latency is a perennial challenge. 
Among many variables, latency is impacted by: 


so 0 


B 


Geographic distance It's estimated that every 100 miles of geographic distance between an app 
or website's resources and an end-user adds 0.82 milliseconds of latency.? This is a particularly 
vexing problem in gaming because the industry serves a global customer base. 


Game complexity Game sizes were once constrained by the size of physical delivery mediums 
such as CD-ROM discs. Thanks to widespread high-speed internet access, today's games are 
limited only by end-user bandwidth and hard drive space, and today's gamers expect to be 
immersed in intricate virtual worlds. The high-res videos, 5.1 surround sound audio, and intricate 
textures used to create these worlds have caused game sizes to balloon. In the mid-2000s, 

Red Orchestra 1 was considered quite large at 2.6GB. Forza Motorsport 7, released in 2017, is a 
whopping 96.5GB." 


Mobile users Mobile gaming, valued at $55 billion in 2018, has already surpassed the console 
and PC markets and is expected to surpass USD $100 billion by 2022." Building games for mobile 
presents a unique set of challenges. Mobile performance is constrained by network connectivity 
and availability. Despite the widespread availability of 4G and 5G networks in some countries, 
60% of mobile connections worldwide are over 2G.*? In some regions, mobile network providers 
will throttle bandwidth past a certain amount. 


Slow DNS resolution When users access games, their devices must query a DNS resolver that 

will map the game's domain name to its IP address, then send the correct IP address back to 

the device. This is called DNS resolution, and optimizing it is an important part of optimizing 
performance. Not all DNS providers are optimized for speed; many DNS providers take over 50 
milliseconds to resolve each DNS query. The fastest DNS providers will resolve queries in under 20 
milliseconds; Cloudflare DNS, for example, resolves queries in under 12 milliseconds on average.'* 


Unevenly distributed server workloads Over-utilized servers run more slowly, increasing 
latency. To maximize performance, workloads must be distributed evenly among a network 
of servers. Effective load balancing can significantly improve performance; one SaaS company 
experienced a 2-3 second improvement in page load times after deploying Cloudflare Load 


Balancing. 


Server crashes Like all computers, servers sometimes crash. Without a failover plan, server crashes 

& can result in poor performance or downtime. Online gaming has no off-seasons or off-hours during 
which games can be partially or completely offline. Gamers play 24 hours a day, 365 days a year, 
and anything less than 100% uptime will cause them to abandon the game. 


Many latency and download time problems can be solved with a robust content delivery network (CDN), 
which caches static content at the network edge so that it can be delivered from a server located nearest 
the end-user. This greatly enhances performance and minimizes bandwidth consumption by reducing the 
number of requests sent to the origin server. 


In-browser gaming company CrazyGames saved over 40TB of 
bandwidth every month and improved site performance after 


switching to Cloudflare CDN." 


In addition to using a CDN for static content optimization, game platforms must also optimize dynamic 
content by deploying dynamic routing protocols, which analyze real-time network conditions to serve 
content over the fastest available links. Because dynamic routing is highly complex to configure and 
maintain, most gaming companies use an automated solution such as Cloudflare Argo Smart Routing. After 
deploying Argo in tandem with Cloudflare CDN, gamer chat app Discord cut load times by an average of 33 
milliseconds.” 


Game developers should ensure that their CDN provider supports the latest web standards and protocols, 
including HTTP/2 and QUIC (HTTP/3), which allow for faster application layer data transmission, and TLS 1.3, 
which ensures more efficient SSL encryption. 


In 2018, the video games market was valued at over USD $130 billion and is projected to exceed USD $300 
billion by 2025.18 Games are the most lucrative type of mobile app, but the market is getting increasingly 
crowded; even big names like Snapchat and Facebook Messenger are trying to cash in on the mobile gaming 
craze.'? Next on the horizon is cloud-based game streaming fueled by the growth of 5G networks, which 
promise high bandwidth and low latency on mobile.? 


In this dynamic, incredibly competitive market, game development companies, most of which are small 
businesses, are under intense pressure to develop and release quality products as soon as possible while 
keeping their internal expenses low. These small developers must focus on developing, building, and 
enhancing games; they simply cannot afford to get bogged down in underlying infrastructure management, 
such as configuring servers. 


Migrating to infrastructure-as-a-service (laaS) platforms, such as AWS, Azure, and Google Cloud Platform, 
allows game companies to replace capital expenditures on hardware with lower operational expenditures. 
Developers can also take advantage of the flexibility and scalability benefits of the cloud. 


However, for all the promises of the cloud, it's not a panacea. Developers must wrestle with virtual 
machines, containers, or both. Serverless computing options, such as Cloudflare Workers, enable 
developers to augment existing applications or create entirely new ones without configuring or maintaining 
VMs, containers, or other cloud infrastructure. Cloudflare Workers lets developers deploy serverless 
JavaScript applications on Cloudflare's global cloud network, where they are seamlessly scalable and closer 
to end users. 


In tests comparing Cloudflare Workers against AWS Lambda 
and Lambda@Edge, Workers proved to be 441% faster than a 
Lambda function and 192% faster than Lambda@Edge.?' 


Cloud service bills can also quickly get out of hand because of “egress” 
d Backsıaze IBM Cloud fees. Also known as data transfer or bandwidth fees, egress fees are 
charged when stored data is transferred to customers. Because game 
platforms are transferring enormous amounts of data to players, 24 
hours a day, every day, these fees are responsible for the bulk of a 
typical gaming company's cloud service bill. 


To solve the problem of eye-popping egress fees, Cloudflare founded 
By vic the Bandwidth Alliance. Most cloud providers that deliver traffic to 

Aare users via Cloudflare share a presence with Cloudflare in the same data 
centers around the world. In these data centers, traffic is transferred 
locally through a peering connection, minimizing infrastructure costs 
and transit charges. 


@Tencent Cloud 


Members of the Bandwidth Alliance pass on these cost savings by greatly reducing data transfer charges or 
waiving them altogether when data is transferred between Alliance members, which include big names such 
as Microsoft Azure and IBM Cloud. Multiplayer cloud platform Nodecraft significantly cut its egress fees 
after migrating 23TB from Amazon to Backblaze, a member of the Bandwidth Alliance.?? 


Conclusion 


Game companies are tasked with rapidly pushing new titles and features to market while simultaneously 
keeping internal costs low, fending off relentless cyber attacks, and satisfying the exacting performance 
expectations of one of the world’s most demanding customer bases. Automating underlying infrastructure 
tasks and security functions with services such as Cloudflare’s Solutions for Gaming enhances performance 
and security, reduces time to market, minimizes expenses, and frees up developers to focus on their core 
competency: building games. 


About Cloudflare 


Cloudflare, Inc. (www.cloudflare.com / @cloudflare) is on a mission to help build a better Internet. Today 
the company runs one of the world’s largest networks, with nearly 10 percent of the Fortune 1,000 
companies using at least one Cloudflare product. Cloudflare's platform protects and accelerates any Internet 
application online without adding hardware, installing software, or changing a line of code. Internet 
properties powered by Cloudflare have all web traffic routed through its intelligent global network, which 
gets smarter with every request. As a result, they see significant improvement in performance and a 
decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine's Top Company 
Cultures 2018 list and ranked among the World's Most Innovative Companies by Fast Company in 2019. 
Headquartered in San Francisco, CA, Cloudflare has offices in Austin, TX, Champaign, IL, New York, NY, San 
Jose, CA, Washington, D.C., London, Munich, Beijing, Singapore, 

and Sydney. 
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